Premium Packages < 5.8.3 - Reflected Cross-Site Scripting
Description: The Premium Packages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 5.8.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...
7.1 CVSS
6.4 AI Score
0.0004 EPSS
Dormakaba Locks Used in Millions of Hotel Rooms Could Be Cracked in Seconds
Security vulnerabilities discovered in Dormakaba's Saflok electronic RFID locks used in hotels could be weaponized by threat actors to forge keycards and stealthily slip into locked rooms. The shortcomings have been collectively named Unsaflok by researchers Lennert Wouters, Ian Carroll, rqu,...
7.7 AI Score
Wordfence Intelligence Weekly WordPress Vulnerability Report (March 18, 2024 to March 24, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 94 vulnerabilities disclosed in 81 WordPress.....
9.9 CVSS
9.4 AI Score
0.001 EPSS
Hardware Vulnerability in Apple’s M-Series Chips
It's yet another hardware side-channel attack: The threat resides in the chips’ data memory-dependent prefetcher, a hardware optimization that predicts the memory addresses of data that running code is likely to access in the near future. By loading the contents into the CPU cache before it’s...
7 AI Score
Telegram Offers Premium Subscription in Exchange for Using Your Number to Send OTPs
In June 2017, a study of more than 3,000 Massachusetts Institute of Technology (MIT) students published by the National Bureau for Economic Research (NBER) found that 98% of them were willing to give away their friends' email addresses in exchange for free pizza. "Whereas people say they care...
7.2 AI Score
Cross-Site Request Forgery (CSRF) vulnerability in Nickys Image Map Pro allows Stored XSS. This issue affects Image Map Pro: from n/a before...
6.1 CVSS
6.2 AI Score
0.0004 EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Nickys Image Map Pro allows Stored XSS. This issue affects Image Map Pro: from n/a before...
6.1 CVSS
6.7 AI Score
0.0004 EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Nickys Image Map Pro allows Stored XSS. This issue affects Image Map Pro: from n/a before...
6.1 CVSS
6.8 AI Score
0.0004 EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Nickys Image Map Pro allows Stored XSS. This issue affects Image Map Pro: from n/a before...
6.1 CVSS
6.4 AI Score
0.0004 EPSS
Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Starter Templates — Elementor, WordPress & Beaver Builder Templates, Brainstorm Force Premium Starter Templates. This issue affects Starter Templates — Elementor, WordPress & Beaver Builder Templates: from n/a through 3.2.4;...
7.1 CVSS
7 AI Score
0.0004 EPSS
Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Starter Templates — Elementor, WordPress & Beaver Builder Templates, Brainstorm Force Premium Starter Templates. This issue affects Starter Templates — Elementor, WordPress & Beaver Builder Templates: from n/a through 3.2.4;...
7.1 CVSS
6.9 AI Score
0.0004 EPSS
CVE-2023-34370 Server Side Request Forgery (SSRF) vulnerability in Starter Templates plugins
Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Starter Templates — Elementor, WordPress & Beaver Builder Templates, Brainstorm Force Premium Starter Templates. This issue affects Starter Templates — Elementor, WordPress & Beaver Builder Templates: from n/a through 3.2.4;...
7.1 CVSS
7.2 AI Score
0.0004 EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in W3 Eden, Inc. Premium Packages allows Reflected XSS. This issue affects Premium Packages: from n/a through...
7.1 CVSS
6.9 AI Score
0.0004 EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in W3 Eden, Inc. Premium Packages allows Reflected XSS. This issue affects Premium Packages: from n/a through...
7.1 CVSS
9.3 AI Score
0.0004 EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Quantum Cloud Slider Hero allows Stored XSS. This issue affects Slider Hero: from n/a through...
5.9 CVSS
5.7 AI Score
0.0004 EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Quantum Cloud Slider Hero allows Stored XSS. This issue affects Slider Hero: from n/a through...
5.9 CVSS
9.1 AI Score
0.0004 EPSS
CVE-2024-29924 WordPress Premium Packages plugin <= 5.8.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in W3 Eden, Inc. Premium Packages allows Reflected XSS. This issue affects Premium Packages: from n/a through...
7.1 CVSS
7.1 AI Score
0.0004 EPSS
CVE-2024-29922 WordPress Slider Hero plugin <= 8.6.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Quantum Cloud Slider Hero allows Stored XSS. This issue affects Slider Hero: from n/a through...
5.9 CVSS
5.9 AI Score
0.0004 EPSS
Crafting Shields: Defending Minecraft Servers Against DDoS Attacks
Minecraft, with over 500 million registered users and 166 million monthly players, faces significant risks from distributed denial-of-service (DDoS) attacks, threatening server functionality, player experience, and the game's reputation. Despite the prevalence of DDoS attacks on the game, the...
7.2 AI Score
This week on the Lock and Code podcast… Few words apply as broadly to the public—yet mean as little—as “home network security.” For many, a “home network” is an amorphous thing. It exists somewhere between a router, a modem, an outlet, and whatever cable it is that plugs into the wall. But the...
7.6 AI Score
CVE-2022-45356 WordPress Betheme premium theme <= 26.6.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Muffingroup Betheme. This issue affects Betheme: from n/a through...
5.4 CVSS
5.8 AI Score
0.0004 EPSS
CVE-2022-45352 WordPress Betheme premium theme <= 26.6.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Muffingroup Betheme. This issue affects Betheme: from n/a through...
5.4 CVSS
7 AI Score
0.0004 EPSS
CVE-2022-45352 WordPress Betheme premium theme <= 26.6.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Muffingroup Betheme. This issue affects Betheme: from n/a through...
5.4 CVSS
5.8 AI Score
0.0004 EPSS
CVE-2022-45351 WordPress Betheme premium theme <= 26.6.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Muffingroup Betheme. This issue affects Betheme: from n/a through...
5.4 CVSS
5.8 AI Score
0.0004 EPSS
CVE-2022-45351 WordPress Betheme premium theme <= 26.6.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Muffingroup Betheme. This issue affects Betheme: from n/a through...
5.4 CVSS
7 AI Score
0.0004 EPSS
CVE-2022-45349 WordPress Betheme premium theme <= 26.6.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Muffingroup Betheme. This issue affects Betheme: from n/a through...
4.3 CVSS
7 AI Score
0.0004 EPSS
CVE-2022-45349 WordPress Betheme premium theme <= 26.6.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Muffingroup Betheme. This issue affects Betheme: from n/a through...
4.3 CVSS
5 AI Score
0.0004 EPSS
Meta Box < 5.9.4 - Contributor+ Arbitrary Posts' Custom Field Disclosure
Description: The plugin does not prevent users with at least the contributor role from accessing arbitrary custom fields assigned to other users'...
6.8 AI Score
0.0004 EPSS
Meta Box < 5.9.4 - Contributor+ Arbitrary Posts' Custom Field Disclosure
Description: The plugin does not prevent users with at least the contributor role from accessing arbitrary custom fields assigned to other users' posts. PoC: 1. ADMIN: Install Meta Box 2. ADMIN: Add Meta Box fields through code or the premium add-on...
6.8 AI Score
0.0004 EPSS
U.S. Justice Department Sues Apple Over Monopoly and Messaging Security
The U.S. Department of Justice (DoJ), along with 16 other state and district attorneys general, on Thursday accused Apple of illegally maintaining a monopoly over smartphones, thereby undermining, among other things, the security and privacy of users when messaging non-iPhone users. "Apple wraps...
6.8 AI Score
Missing Authorization vulnerability in YITH YITH WooCommerce Gift Cards Premium. This issue affects YITH WooCommerce Gift Cards Premium: from n/a through...
6.5 CVSS
7.2 AI Score
0.0004 EPSS
Missing Authorization vulnerability in YITH YITH WooCommerce Gift Cards Premium. This issue affects YITH WooCommerce Gift Cards Premium: from n/a through...
6.5 CVSS
6.7 AI Score
0.0004 EPSS
The dormakaba Saflok system before the November 2023 software update allows an attacker to unlock arbitrary doors at a property via forged keycards, if the attacker has obtained one active or expired keycard for the specific property, aka the "Unsaflok" issue. This occurs, in part, because the key....
6.9 AI Score
0.0004 EPSS
The dormakaba Saflok system before the November 2023 software update allows an attacker to unlock arbitrary doors at a property via forged keycards, if the attacker has obtained one active or expired keycard for the specific property, aka the "Unsaflok" issue. This occurs, in part, because the key....
6.6 AI Score
0.0004 EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (March 11, 2024 to March 17, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 163 vulnerabilities disclosed in 126...
10 CVSS
10 AI Score
0.001 EPSS
The dormakaba Saflok system before the November 2023 software update allows an attacker to unlock arbitrary doors at a property via forged keycards, if the attacker has obtained one active or expired keycard for the specific property, aka the "Unsaflok" issue. This occurs, in part, because the key....
7 AI Score
0.0004 EPSS
The dormakaba Saflok system before the November 2023 software update allows an attacker to unlock arbitrary doors at a property via forged keycards, if the attacker has obtained one active or expired keycard for the specific property, aka the "Unsaflok" issue. This occurs, in part, because the key....
6.9 AI Score
0.0004 EPSS
[updated] Apex Legends Global Series plagued by hackers
The North American finals of online shooter game Apex Legends has been postponed after games were disrupted by hacking incidents. Apex Legends, published by EA, is currently in an important stage of its Global Series, the regional finals mode. This is a big deal for the top players since there is.....
7.6 AI Score
Qiskit IBM Runtime is an environment that streamlines quantum computations and provides optimal implementations of the Qiskit quantum computing SDK. Starting in version 0.1.0 and prior to version 0.21.2, deserializing json data using qiskit_ibm_runtime.RuntimeDecoder can lead to arbitrary code...
5.3 CVSS
7.5 AI Score
0.0004 EPSS
Qiskit IBM Runtime is an environment that streamlines quantum computations and provides optimal implementations of the Qiskit quantum computing SDK. Starting in version 0.1.0 and prior to version 0.21.2, deserializing json data using qiskit_ibm_runtime.RuntimeDecoder can lead to arbitrary code...
5.3 CVSS
5.8 AI Score
0.0004 EPSS
Qiskit IBM Runtime is an environment that streamlines quantum computations and provides optimal implementations of the Qiskit quantum computing SDK. Starting in version 0.1.0 and prior to version 0.21.2, deserializing json data using qiskit_ibm_runtime.RuntimeDecoder can lead to arbitrary code...
5.3 CVSS
5.7 AI Score
0.0004 EPSS
CVE-2024-29032 `qiskit_ibm_runtime.RuntimeDecoder` can execute arbitrary code
Qiskit IBM Runtime is an environment that streamlines quantum computations and provides optimal implementations of the Qiskit quantum computing SDK. Starting in version 0.1.0 and prior to version 0.21.2, deserializing json data using qiskit_ibm_runtime.RuntimeDecoder can lead to arbitrary code...
5.3 CVSS
6 AI Score
0.0004 EPSS
🎉 Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! On February 15th, 2024, during our second Bug Bounty...
8.8 CVSS
7.7 AI Score
0.0004 EPSS
Tax scammer goes after small business owners and self-employed people
While most taxpayers don’t particularly look forward to tax season, for some scammers it’s like the opening of their hunting season. So it's no surprise that our researchers have found yet another tax-related scam. In this most recent scam, we've not seen the lure the scammer uses, but it is...
6.8 AI Score
premium-speakers.com Cross Site Scripting vulnerability OBB-3881150
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Leap13 Premium Addons for Elementor allows Stored XSS. This issue affects Premium Addons for Elementor: from n/a through...
6.5 CVSS
6.5 AI Score
0.0004 EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Leap13 Premium Addons for Elementor allows Stored XSS. This issue affects Premium Addons for Elementor: from n/a through...
6.5 CVSS
6.7 AI Score
0.0004 EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Leap13 Premium Addons for Elementor allows Stored XSS. This issue affects Premium Addons for Elementor: from n/a through...
6.5 CVSS
6.7 AI Score
0.0004 EPSS
SQL Injection Vulnerability Patched in Tutor LMS WordPress Plugin
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! On February 15th, 2024, during our second Bug Bounty Extravaganza,.....
8.8 CVSS
8.1 AI Score
0.0004 EPSS
AI and the Evolution of Social Media
Oh, how the mighty have fallen. A decade ago, social media was celebrated for sparking democratic uprisings in the Arab world and beyond. Now front pages are splashed with stories of social platforms’ role in misinformation, business conspiracy, malfeasance, and risks to mental health. In a 2022...
6.3 AI Score